Benchmark: 17 Archiving
Description
Data may be archived. This data should be checked for accessibility, readability and integrity. If relevant changes are to be made to the system (e.g. computer equipment or programs), then the ability to retrieve the data should be ensured and tested.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 17 Archiving.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.gxp_eu_annex_11_operational_phase_17
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.gxp_eu_annex_11_operational_phase_17 --share
Controls
- Backup plan min frequency and min retention check
- Backup recovery points should be encrypted
- Backup recovery points manual deletion should be disabled
- Backup recovery points should not expire before retention period
- DynamoDB tables should be in a backup plan
- DynamoDB table point-in-time recovery should be enabled
- DynamoDB table should be protected by backup plan
- EBS volumes should be in a backup plan
- EBS volumes should be protected by a backup plan
- EC2 instance should have EBS optimization enabled
- EC2 instances should be protected by backup plan
- EFS file systems should be in a backup plan
- EFS file systems should be protected by backup plan
- ElastiCache Redis cluster automatic backup should be enabled with retention period of 15 days or greater
- FSx file system should be protected by backup plan
- RDS Aurora clusters should be protected by backup plan
- RDS DB instance backup should be enabled
- RDS DB instances should be in a backup plan
- RDS DB instance should be protected by backup plan
- AWS Redshift clusters should have automatic snapshots enabled
- S3 bucket cross-region replication should be enabled
- S3 bucket versioning should be enabled